[4.1] aac1c61 More comprehensive test for illegal characters in HTTP/1 headers.

Lasse Karstensen lkarsten at varnish-software.com
Thu Feb 11 17:14:32 CET 2016


commit aac1c6148c71837c9f198198129cd0e76c5a27b2
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Thu Feb 11 09:15:07 2016 +0000

    More comprehensive test for illegal characters in HTTP/1 headers.

diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
index deb191d..2bca363 100644
--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -122,10 +122,15 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc)
 		if (vct_iscrlf(p))
 			break;
 		while (r < htc->rxbuf_e) {
-			if (!vct_iscrlf(r)) {
+			if (!vct_isctl(*r) || vct_issp(*r)) {
 				r++;
 				continue;
 			}
+			if (!vct_iscrlf(r)) {
+				VSLb(hp->vsl, SLT_BogoHeader,
+				    "Header has ctrl char 0x%02x", *r);
+				return (400);
+			}
 			q = r;
 			assert(r < htc->rxbuf_e);
 			r += vct_skipcrlf(r);
diff --git a/bin/varnishtest/tests/b00040.vtc b/bin/varnishtest/tests/b00040.vtc
index 7ce7615..123c3a1 100644
--- a/bin/varnishtest/tests/b00040.vtc
+++ b/bin/varnishtest/tests/b00040.vtc
@@ -8,6 +8,15 @@ server s1 {
 
 varnish v1 -vcl+backend { } -start
 
+logexpect l1 -v v1 -g raw {
+	expect * 1001 BogoHeader {1st header has white space:.*}
+	expect * 1003 BogoHeader {1st header has white space:.*}
+	expect * 1005 BogoHeader {Header has ctrl char 0x0d}
+	expect * 1010 BogoHeader {Header has ctrl char 0x01}
+	expect * 1012 BogoHeader {Header has ctrl char 0x0d}
+	expect * 1014 BogoHeader {Header has ctrl char 0x0d}
+} -start
+
 client c1 {
 	send "GET /1 HTTP/1.1\r\n"
 	send " Host: foo\r\n"
@@ -41,3 +50,27 @@ client c1 {
 	rxresp
 	expect resp.status == 200
 } -run
+delay .1
+
+client c1 {
+	send "GET /5 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\001More\r\n\r\n"
+	rxresp
+	expect resp.status == 400
+} -run
+delay .1
+
+client c1 {
+	send "GET /6 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\r\r\n\r\n"
+	rxresp
+	expect resp.status == 400
+} -run
+delay .1
+
+client c1 {
+	send "GET /7 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\rMore\r\n\r\n"
+	rxresp
+	expect resp.status == 400
+} -run
+
+logexpect l1 -wait
+



More information about the varnish-commit mailing list